This issue occurs due to the presence of Cisco bug ID CSCsc49958.
The Authentication, Authorization, and Accounting (AAA) authentication fallback method to enable a password does not work properly in this scenario. If the RADIUS server is not available, then the user password that was typed originally for RADIUS authentication is cached and automatically used for the enable password. This causes the authentication to fail for the fallback enable method. The user is prompted again for their RADIUS account information, so this user is locked out.
This issue was first found in Cisco IOS Software Releases 12.3(2) and 12.3(3.1)T. Refer to all affected versions for a list of all Cisco IOS Software releases affected by this bug.
As a workaround, perform one of these steps:
If the RADIUS server is unavailable, enter any username and use the enable password as the user password.
Download and upgrade the Cisco IOS version to any one of these versions:
in this picture , we are seeing a scenario for ASA firewall . i'm gana ask a question for youe.. can we have one ip address with two mac-address on outbound interface ? if the answer is positive , how?there are two context , ctx1 and ctx2 on firewall .&nb...
Hi Team,we are using Solar winds monitoring tool and enabled NetFlow in ASA. everything is working perfectly expect bandwidth utilization is showing spikes. as per analysis there is no possibility for this spike because in the ISP side monitoring tool uti...
I use old good Cisco ASA 5550-failover clusters.I dont understand its current throughput.In Cisco datasheet info : Firewall Throughput Up to 1.2 Gbps ( 600 Mbps input + 600 Mbps output ) - right ? My config: Firewall mode: Transparent&...
Hi, I have FMC1000 appliance which running on version 6.3. I would like to verify hardware infomation of the FMC via CLI such as NIC, CPU cores, Memory, Event storage space and power supply status. Unfortunately, I have found only "show ver...
Team Hi,While reading about IPSec VPN the below mentioned statement has raised me a doubt "The peer that has traffic that should be protected will initiate the IKE phase 1 negotiation." So as per the above statement it states that the peer...